Authorizing access to Log Viewer
If you have published the configuration file, make sure the middleware and api_middleware options include the AuthorizeLogViewer middleware.
There are multiple ways you can allow or disallow access to the Log Viewer, making it perfect not just for local installation, but for production use as well.
Disabling Log Viewer completely
You might want to disable Log Viewer completely in certain environments without having to remove the composer package.
To do so, simply set the variable in your .env file like so:
LOG_VIEWER_ENABLED=falseAuthorizing users
There are a few methods available to authorize access to the Log Viewer, based on your needs.
This is great if you want to limit who has access to the Log Viewer, which is especially important in production use.
Via "auth" callback
You can limit access to the Log Viewer by providing a custom authorization callback to the LogViewer::auth() method in your AppServiceProvider:
use Opcodes\LogViewer\Facades\LogViewer;/** * Bootstrap any application services. * * @return void */public function boot(){ LogViewer::auth(function ($request) { // return true to allow viewing the Log Viewer. });}The function should return a boolean true (access allowed) or false (access denied).
Here's an example which would only allow the john@example.com user to access the Log Viewer:
use Opcodes\LogViewer\Facades\LogViewer;/** * Bootstrap any application services. * * @return void */public function boot(){ LogViewer::auth(function ($request) { return $request->user() && in_array($request->user()->email, [ 'john@example.com', ]); });}Via "viewLogViewer" Gate
Another easy way to limit access to the Log Viewer is via Laravel Gates.
Just define a viewLogViewer authorization gate in your AuthServiceProvider class:
use App\Models\User;use Illuminate\Support\Facades\Gate; /** * Register any authentication / authorization services. * * @return void */public function boot(){ $this->registerPolicies(); Gate::define('viewLogViewer', function (?User $user) { // return true if the user is allowed access to the Log Viewer });}Via middleware
Before you're able to configure this, make sure to first publish the configuration file.
You can easily add authentication to log viewing routes using popular auth middleware in the config/log-viewer.php.
If your application doesn't use the default authentication solutions, you can use the auth.basic HTTP Basic Authentication middleware.
By default, the auth.basic middleware will assume the email column on your users database table is the user's "username".
Here's an example how you could add the auth middleware the Log Viewer's config/log-viewer.php configuration file:
/* |-------------------------------------------------------------------------- | Log Viewer route middleware. |-------------------------------------------------------------------------- | The middleware should enable session and cookies support in order for the Log Viewer to work. | The 'web' middleware will be applied automatically if empty. | */ 'middleware' => ['web', 'auth'], Via Spatie's permissions
For authorization using Spatie's Laravel Permissions package see this discussion.
Configuring how the front-end makes API requests
This feature is only available since Log Viewer v2.2.
You can now publish the Log Viewer template to set up additional headers when Log Viewer makes requests to its own API.
This might be required to set a Bearer Authorization token from the browser's localStorage, or to add an identifying header.
- Publish the view with
php artisan vendor:publish --tag=log-viewer-views, - Open
resources/views/vendor/log-viewer/index.blade.php, - At the bottom, there's a place to add additional headers to the
window.LogViewer.headersobject.
<script> window.LogViewer = @json($logViewerScriptVariables); // Add additional headers for LogViewer requests like so:- // window.LogViewer.headers['Authorization'] = 'Bearer xxxxxxx';+ window.LogViewer.headers['Authorization'] = 'Bearer xxxxxxx';</script>